TechQA.

How to configure GitLab's phpcs-security-audit analyzer?

1.1k views Asked by At

I am trying to use phpcs-security-audit by including GitLab's SAST template. It generates a report as expected, but the report is filled with warnings from libraries and specific warnings that I would like to ignore for the report to be useful.

If I ran phpcs and phpcs-security-audit myself, I could store settings in a config file. Storing settings in .phpcs.xml works locally, but has no effect on GitLab's phpcs-security-audit analyzer. I can't find any documentation for it. Is it possible to configure the analyzer, and if so how?

php gitlab gitlab-ci phpcs sast
Original Q&A
1

There are 1 answers

1
Leon On BEST ANSWER

Yes you can. It's simple, create directory .gitlab, inside that create file called sast-ruleset.toml. In the sast-ruleset.toml, add this following code:

[phpcs-security-audit]
  [[phpcs-security-audit.ruleset]]
    disable = true

    [phpcs-security-audit.ruleset.identifier]
    type = "phpcs_security_audit_source"
    value = "PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem"

value is warning that you want to ignore, you can get the value in the Security Tab, go to the warning and select the Identifiers.

Scan Output Example

See the Gitlab documentation for more details.

Related Questions in PHP

Related Questions in GITLAB

Related Questions in GITLAB-CI

Related Questions in PHPCS

Related Questions in SAST

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions